DCR: DataCapsule Replication System

Hanming Lu

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2022-267
December 16, 2022

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2022/EECS-2022-267.pdf

The DataCapsule Replication System (DCR) is a continuous replication system built on DataCapsules, cryptographically hardened data containers. The system uses DataCapsules as its underlying storage objects to provide a secure and efficient storage system on untrusted infrastructure. In particular, it uses an in-enclave proxy with HMAC channels to minimize write latency, lower the compute and network requirements on clients, and improve network efficiency, while maintaining data integrity, confidentiality, and provenance. In addition, it introduces optimizations such as periodic signatures to further reduce the computation workload on clients while maintaining provenance for every piece of stored data. In our benchmarks, the DCR has shown substantial performance gains from proxies, with throughput at most 62% higher than the baseline. A novel anti-entropy failure recovery mechanism is also designed around the DataCapsule data structure to provide a compute- and network-efficient algorithm that handles server and network failures. At 30000 records, the DAG-based design’s pairing latency is at most 76% lower than the baseline.

Advisor: John D. Kubiatowicz


BibTeX citation:

@mastersthesis{Lu:EECS-2022-267,
    Author = {Lu, Hanming},
    Editor = {Kubiatowicz, John D.},
    Title = {DCR: DataCapsule Replication System},
    School = {EECS Department, University of California, Berkeley},
    Year = {2022},
    Month = {Dec},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2022/EECS-2022-267.html},
    Number = {UCB/EECS-2022-267},
    Abstract = {The DataCapsule Replication System (DCR) is a continuous replication system using DataCapsule, a cryptographically hardened data container. The system uses DataCapsules as its underlying storage objects to provide a secure and efficient storage system on untrusted infrastructure. In particular, it uses an in-enclave proxy with HMAC channels to minimize write latency, lower compute and network requirements on clients, enable network efficiency, while maintaining data integrity, confidentiality, and provenance. In addition, it introduces optimizations such as periodic signatures to further reduce computation workload on clients, while maintaining provenance on every piece of stored data. In our benchmarks, the DCR has shown great performance optimizations from proxies, where throughput is at most 62% higher than the baseline. Also, a novel anti-entropy failure recovery mechanism is designed using the DataCapsule data structure to enable a compute- and network-efficient algorithm that handles server and network failures. At 30000 records, the DAG-based design’s pairing latency is at most 76% lower than the baseline.}
}

EndNote citation:

%0 Thesis
%A Lu, Hanming
%E Kubiatowicz, John D.
%T DCR: DataCapsule Replication System
%I EECS Department, University of California, Berkeley
%D 2022
%8 December 16
%@ UCB/EECS-2022-267
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2022/EECS-2022-267.html
%F Lu:EECS-2022-267